[SCM] team based FPS game - packaging branch, debian, updated. debian/1.1.0-5-4-gdb361a5
Simon McVittie
smcv at debian.org
Wed Feb 22 09:40:38 UTC 2012
The following commit has been merged in the debian branch:
commit 6861eff537b8b3de340f4c7727d2fa82d36e3d5b
Author: Simon McVittie <smcv at debian.org>
Date: Sun Feb 19 23:21:28 2012 +0000
Backport ioquake3 r1141 and do the equivalent of r1250
diff --git a/debian/changelog b/debian/changelog
index 98d0bd8..e031bd6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,10 @@ tremulous (1.1.0-6) UNRELEASED; urgency=medium
code execution) in clients of a malicious server if auto-downloading
is enabled
* As a precaution, disable auto-downloading
+ * Backport ioquake3 r1141 to fix a potential buffer overflow in error
+ handling (not known to be exploitable, but it can't hurt)
+ * Add gcc attributes to all printf- and scanf-like functions, and
+ fix non-literal format strings (again, none are known to be exploitable)
-- Simon McVittie <smcv at debian.org> Sun, 11 Dec 2011 17:35:38 +0000
diff --git a/debian/patches/0017-Sys_Error-do-not-overflow-if-an-error-message-exceed.patch b/debian/patches/0017-Sys_Error-do-not-overflow-if-an-error-message-exceed.patch
new file mode 100644
index 0000000..14fb349
--- /dev/null
+++ b/debian/patches/0017-Sys_Error-do-not-overflow-if-an-error-message-exceed.patch
@@ -0,0 +1,29 @@
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 19 Feb 2012 22:25:33 +0000
+Subject: Sys_Error: do not overflow if an error message exceeds 1024
+ characters
+
+Backport of ioquake3 r1141 by Thilo Schulz. Not known to be exploitable,
+but it can't hurt.
+
+If this turns out to be exploitable, please mention ioquake3 r1141
+prominently in any advisory.
+
+Origin: backport
+---
+ src/unix/unix_main.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/unix/unix_main.c b/src/unix/unix_main.c
+index eb81568..375d76e 100644
+--- a/src/unix/unix_main.c
++++ b/src/unix/unix_main.c
+@@ -437,7 +437,7 @@ void Sys_Error( const char *error, ...)
+ CL_Shutdown ();
+
+ va_start (argptr,error);
+- vsprintf (string,error,argptr);
++ Q_vsnprintf (string, sizeof(string), error, argptr);
+ va_end (argptr);
+ fprintf(stderr, "Sys_Error: %s\n", string);
+
diff --git a/debian/patches/0018-Avoid-non-literal-format-strings.patch b/debian/patches/0018-Avoid-non-literal-format-strings.patch
new file mode 100644
index 0000000..05e0408
--- /dev/null
+++ b/debian/patches/0018-Avoid-non-literal-format-strings.patch
@@ -0,0 +1,133 @@
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 19 Feb 2012 23:16:49 +0000
+Subject: Avoid non-literal format strings
+
+This is a precautionary measure against potential exploits; none of these
+instances is known to be exploitable.
+
+Origin: vendor, Debian
+---
+ src/botlib/be_aas_main.c | 2 +-
+ src/botlib/l_script.c | 2 +-
+ src/client/cl_cgame.c | 2 +-
+ src/client/cl_main.c | 2 +-
+ src/client/cl_parse.c | 2 +-
+ src/game/g_combat.c | 6 +++---
+ src/ui/ui_main.c | 4 ++--
+ 7 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/src/botlib/be_aas_main.c b/src/botlib/be_aas_main.c
+index 264c784..3a9a569 100644
+--- a/src/botlib/be_aas_main.c
++++ b/src/botlib/be_aas_main.c
+@@ -63,7 +63,7 @@ void QDECL AAS_Error(char *fmt, ...)
+ va_start(arglist, fmt);
+ vsprintf(str, fmt, arglist);
+ va_end(arglist);
+- botimport.Print(PRT_FATAL, str);
++ botimport.Print(PRT_FATAL, "%s", str);
+ } //end of the function AAS_Error
+ //===========================================================================
+ //
+diff --git a/src/botlib/l_script.c b/src/botlib/l_script.c
+index 7b2e2ad..749afd4 100644
+--- a/src/botlib/l_script.c
++++ b/src/botlib/l_script.c
+@@ -1429,6 +1429,6 @@ void PS_SetBaseFolder(char *path)
+ #ifdef BSPC
+ sprintf(basefolder, path);
+ #else
+- Com_sprintf(basefolder, sizeof(basefolder), path);
++ Com_sprintf(basefolder, sizeof(basefolder), "%s", path);
+ #endif
+ } //end of the function PS_SetBaseFolder
+diff --git a/src/client/cl_cgame.c b/src/client/cl_cgame.c
+index 7d4c0a9..e9c341e 100644
+--- a/src/client/cl_cgame.c
++++ b/src/client/cl_cgame.c
+@@ -298,7 +298,7 @@ rescan:
+ // https://zerowing.idsoftware.com/bugzilla/show_bug.cgi?id=552
+ // allow server to indicate why they were disconnected
+ if ( argc >= 2 )
+- Com_Error (ERR_SERVERDISCONNECT, va( "Server Disconnected - %s", Cmd_Argv( 1 ) ) );
++ Com_Error (ERR_SERVERDISCONNECT, "Server Disconnected - %s", Cmd_Argv( 1 ) );
+ else
+ Com_Error (ERR_SERVERDISCONNECT,"Server disconnected\n");
+ }
+diff --git a/src/client/cl_main.c b/src/client/cl_main.c
+index 78cf9e7..b4e2c23 100644
+--- a/src/client/cl_main.c
++++ b/src/client/cl_main.c
+@@ -2967,7 +2967,7 @@ void CL_GlobalServers_f( void ) {
+ buffptr += sprintf( buffptr, " demo" );
+ }
+
+- NET_OutOfBandPrint( NS_SERVER, to, command );
++ NET_OutOfBandPrint( NS_SERVER, to, "%s", command );
+ }
+
+
+diff --git a/src/client/cl_parse.c b/src/client/cl_parse.c
+index 2d36aa1..23f82ea 100644
+--- a/src/client/cl_parse.c
++++ b/src/client/cl_parse.c
+@@ -520,7 +520,7 @@ void CL_ParseDownload ( msg_t *msg ) {
+
+ if (clc.downloadSize < 0)
+ {
+- Com_Error(ERR_DROP, MSG_ReadString( msg ) );
++ Com_Error(ERR_DROP, "%s", MSG_ReadString( msg ) );
+ return;
+ }
+ }
+diff --git a/src/game/g_combat.c b/src/game/g_combat.c
+index 7e38f11..1f48bba 100644
+--- a/src/game/g_combat.c
++++ b/src/game/g_combat.c
+@@ -831,13 +831,13 @@ void G_InitDamageLocations( void )
+ len = trap_FS_FOpenFile( filename, &fileHandle, FS_READ );
+ if ( !fileHandle )
+ {
+- G_Printf( va( S_COLOR_RED "file not found: %s\n", filename ) );
++ G_Printf( S_COLOR_RED "file not found: %s\n", filename );
+ continue;
+ }
+
+ if( len >= MAX_LOCDAMAGE_TEXT )
+ {
+- G_Printf( va( S_COLOR_RED "file too large: %s is %i, max allowed is %i", filename, len, MAX_LOCDAMAGE_TEXT ) );
++ G_Printf( S_COLOR_RED "file too large: %s is %i, max allowed is %i", filename, len, MAX_LOCDAMAGE_TEXT );
+ trap_FS_FCloseFile( fileHandle );
+ continue;
+ }
+@@ -862,7 +862,7 @@ void G_InitDamageLocations( void )
+
+ if( len >= MAX_LOCDAMAGE_TEXT )
+ {
+- G_Printf( va( S_COLOR_RED "file too large: %s is %i, max allowed is %i", filename, len, MAX_LOCDAMAGE_TEXT ) );
++ G_Printf( S_COLOR_RED "file too large: %s is %i, max allowed is %i", filename, len, MAX_LOCDAMAGE_TEXT );
+ trap_FS_FCloseFile( fileHandle );
+ continue;
+ }
+diff --git a/src/ui/ui_main.c b/src/ui/ui_main.c
+index 604e709..ee60f0f 100644
+--- a/src/ui/ui_main.c
++++ b/src/ui/ui_main.c
+@@ -5382,7 +5382,7 @@ static void UI_BuildQ3Model_List( void )
+ if (Q_stricmpn(skinname, "icon_", 5) == 0 && !(Q_stricmp(skinname,"icon_blue") == 0 || Q_stricmp(skinname,"icon_red") == 0))
+ {
+ if (Q_stricmp(skinname, "icon_default") == 0) {
+- Com_sprintf( scratch, sizeof(scratch), dirptr);
++ Com_sprintf( scratch, sizeof(scratch), "%s", dirptr);
+ } else {
+ Com_sprintf( scratch, sizeof(scratch), "%s/%s",dirptr, skinname + 5);
+ }
+@@ -5394,7 +5394,7 @@ static void UI_BuildQ3Model_List( void )
+ }
+ }
+ if (!dirty) {
+- Com_sprintf( uiInfo.q3HeadNames[uiInfo.q3HeadCount], sizeof(uiInfo.q3HeadNames[uiInfo.q3HeadCount]), scratch);
++ Com_sprintf( uiInfo.q3HeadNames[uiInfo.q3HeadCount], sizeof(uiInfo.q3HeadNames[uiInfo.q3HeadCount]), "%s", scratch);
+ uiInfo.q3HeadIcons[uiInfo.q3HeadCount++] = trap_R_RegisterShaderNoMip(va("models/players/%s/%s",dirptr,skinname));
+ }
+ }
diff --git a/debian/patches/0019-Annotate-printf-and-scanf-like-functions-with-gcc-at.patch b/debian/patches/0019-Annotate-printf-and-scanf-like-functions-with-gcc-at.patch
new file mode 100644
index 0000000..e54cfbb
--- /dev/null
+++ b/debian/patches/0019-Annotate-printf-and-scanf-like-functions-with-gcc-at.patch
@@ -0,0 +1,281 @@
+From: Simon McVittie <smcv at debian.org>
+Date: Sun, 19 Feb 2012 23:18:28 +0000
+Subject: Annotate printf- and scanf-like functions with gcc attributes
+
+This isn't necessarily suitable for upstream (non-portable) but it
+makes -Werror=format-security work better.
+
+Origin: vendor, Debian
+---
+ src/botlib/be_aas_main.h | 2 +-
+ src/botlib/botlib.h | 2 +-
+ src/botlib/l_log.h | 4 ++--
+ src/botlib/l_precomp.h | 4 ++--
+ src/botlib/l_script.h | 4 ++--
+ src/cgame/cg_local.h | 4 ++--
+ src/game/bg_lib.h | 2 +-
+ src/game/g_local.h | 6 +++---
+ src/master/common.h | 2 +-
+ src/qcommon/q_shared.h | 12 ++++++------
+ src/qcommon/qcommon.h | 10 +++++-----
+ src/renderer/tr_public.h | 4 ++--
+ src/server/server.h | 2 +-
+ src/ui/ui_shared.h | 4 ++--
+ 14 files changed, 31 insertions(+), 31 deletions(-)
+
+diff --git a/src/botlib/be_aas_main.h b/src/botlib/be_aas_main.h
+index 9f97818..e6b9eec 100644
+--- a/src/botlib/be_aas_main.h
++++ b/src/botlib/be_aas_main.h
+@@ -35,7 +35,7 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ extern aas_t aasworld;
+
+ //AAS error message
+-void QDECL AAS_Error(char *fmt, ...);
++void QDECL AAS_Error(char *fmt, ...) __attribute__((format(printf, 1, 2)));
+ //set AAS initialized
+ void AAS_SetInitialized(void);
+ //setup AAS with the given number of entities and clients
+diff --git a/src/botlib/botlib.h b/src/botlib/botlib.h
+index 6c5147d..1ae8442 100644
+--- a/src/botlib/botlib.h
++++ b/src/botlib/botlib.h
+@@ -170,7 +170,7 @@ typedef struct bot_entitystate_s
+ typedef struct botlib_import_s
+ {
+ //print messages from the bot library
+- void (QDECL *Print)(int type, char *fmt, ...);
++ void (QDECL *Print)(int type, char *fmt, ...) __attribute__((format(printf, 2, 3)));
+ //trace a bbox through the world
+ void (*Trace)(bsp_trace_t *trace, vec3_t start, vec3_t mins, vec3_t maxs, vec3_t end, int passent, int contentmask);
+ //trace a bbox against a specific entity
+diff --git a/src/botlib/l_log.h b/src/botlib/l_log.h
+index 91cbd95..154f981 100644
+--- a/src/botlib/l_log.h
++++ b/src/botlib/l_log.h
+@@ -37,9 +37,9 @@ void Log_Close(void);
+ //close log file if present
+ void Log_Shutdown(void);
+ //write to the current opened log file
+-void QDECL Log_Write(char *fmt, ...);
++void QDECL Log_Write(char *fmt, ...) __attribute__((format(printf, 1, 2)));
+ //write to the current opened log file with a time stamp
+-void QDECL Log_WriteTimeStamped(char *fmt, ...);
++void QDECL Log_WriteTimeStamped(char *fmt, ...) __attribute__((format(printf, 1, 2)));
+ //returns a pointer to the log file
+ FILE *Log_FilePointer(void);
+ //flush log file
+diff --git a/src/botlib/l_precomp.h b/src/botlib/l_precomp.h
+index b61125b..929db61 100644
+--- a/src/botlib/l_precomp.h
++++ b/src/botlib/l_precomp.h
+@@ -153,9 +153,9 @@ source_t *LoadSourceMemory(char *ptr, int length, char *name);
+ //free the given source
+ void FreeSource(source_t *source);
+ //print a source error
+-void QDECL SourceError(source_t *source, char *str, ...);
++void QDECL SourceError(source_t *source, char *str, ...) __attribute__((format(printf, 2, 3)));
+ //print a source warning
+-void QDECL SourceWarning(source_t *source, char *str, ...);
++void QDECL SourceWarning(source_t *source, char *str, ...) __attribute__((format(printf, 2, 3)));
+
+ #ifdef BSPC
+ // some of BSPC source does include game/q_shared.h and some does not
+diff --git a/src/botlib/l_script.h b/src/botlib/l_script.h
+index a779e62..a5cab5a 100644
+--- a/src/botlib/l_script.h
++++ b/src/botlib/l_script.h
+@@ -241,8 +241,8 @@ void FreeScript(script_t *script);
+ //set the base folder to load files from
+ void PS_SetBaseFolder(char *path);
+ //print a script error with filename and line number
+-void QDECL ScriptError(script_t *script, char *str, ...);
++void QDECL ScriptError(script_t *script, char *str, ...) __attribute__((format(printf, 2, 3)));
+ //print a script warning with filename and line number
+-void QDECL ScriptWarning(script_t *script, char *str, ...);
++void QDECL ScriptWarning(script_t *script, char *str, ...) __attribute__((format(printf, 2, 3)));
+
+
+diff --git a/src/cgame/cg_local.h b/src/cgame/cg_local.h
+index 320e060..7673919 100644
+--- a/src/cgame/cg_local.h
++++ b/src/cgame/cg_local.h
+@@ -1505,8 +1505,8 @@ extern vmCvar_t cg_debugRandom;
+ const char *CG_ConfigString( int index );
+ const char *CG_Argv( int arg );
+
+-void QDECL CG_Printf( const char *msg, ... );
+-void QDECL CG_Error( const char *msg, ... );
++void QDECL CG_Printf( const char *msg, ... ) __attribute__((format(printf, 1, 2)));
++void QDECL CG_Error( const char *msg, ... ) __attribute__((format(printf, 1, 2)));
+
+ void CG_StartMusic( void );
+ int CG_PlayerCount( void );
+diff --git a/src/game/bg_lib.h b/src/game/bg_lib.h
+index 021ebc3..01579a5 100644
+--- a/src/game/bg_lib.h
++++ b/src/game/bg_lib.h
+@@ -80,7 +80,7 @@ int _atoi( const char **stringPtr );
+
+
+ int vsprintf( char *buffer, const char *fmt, va_list argptr );
+-int sscanf( const char *buffer, const char *fmt, ... );
++int sscanf( const char *buffer, const char *fmt, ... ) __attribute__((format(scanf, 2, 3)));
+
+ // Memory functions
+ void *memmove( void *dest, const void *src, size_t count );
+diff --git a/src/game/g_local.h b/src/game/g_local.h
+index 82f294b..830d5af 100644
+--- a/src/game/g_local.h
++++ b/src/game/g_local.h
+@@ -881,10 +881,10 @@ void MoveClientToIntermission( gentity_t *client );
+ void CalculateRanks( void );
+ void FindIntermissionPoint( void );
+ void G_RunThink( gentity_t *ent );
+-void QDECL G_LogPrintf( const char *fmt, ... );
++void QDECL G_LogPrintf( const char *fmt, ... ) __attribute__((format(printf, 1, 2)));
+ void SendScoreboardMessageToAllClients( void );
+-void QDECL G_Printf( const char *fmt, ... );
+-void QDECL G_Error( const char *fmt, ... );
++void QDECL G_Printf( const char *fmt, ... ) __attribute__((format(printf, 1, 2)));
++void QDECL G_Error( const char *fmt, ... ) __attribute__((format(printf, 1, 2)));
+
+ //
+ // g_client.c
+diff --git a/src/master/common.h b/src/master/common.h
+index 47c29a9..c237bcd 100644
+--- a/src/master/common.h
++++ b/src/master/common.h
+@@ -82,7 +82,7 @@ extern char peer_address [128];
+ #endif
+
+ // Print a message to screen, depending on its verbose level
+-int MsgPrint (msg_level_t msg_level, const char* format, ...);
++int MsgPrint (msg_level_t msg_level, const char* format, ...) __attribute__((format(printf, 2, 3)));
+
+ void RecordClientStat( const char *address, const char *version, const char *renderer );
+ void RecordGameStat( const char *address, const char *dataText );
+diff --git a/src/qcommon/q_shared.h b/src/qcommon/q_shared.h
+index 83f5789..8c83a5f 100644
+--- a/src/qcommon/q_shared.h
++++ b/src/qcommon/q_shared.h
+@@ -636,8 +636,8 @@ int COM_GetCurrentParseLine( void );
+ char *COM_Parse( char **data_p );
+ char *COM_ParseExt( char **data_p, qboolean allowLineBreak );
+ int COM_Compress( char *data_p );
+-void COM_ParseError( char *format, ... );
+-void COM_ParseWarning( char *format, ... );
++void COM_ParseError( char *format, ... ) __attribute__((format(printf, 1, 2)));
++void COM_ParseWarning( char *format, ... ) __attribute__((format(printf, 1, 2)));
+ //int COM_ParseInfos( char *buf, int max, char infos[][MAX_INFO_STRING] );
+
+ #define MAX_TOKENLENGTH 1024
+@@ -671,7 +671,7 @@ void Parse1DMatrix (char **buf_p, int x, float *m);
+ void Parse2DMatrix (char **buf_p, int y, int x, float *m);
+ void Parse3DMatrix (char **buf_p, int z, int y, int x, float *m);
+
+-void QDECL Com_sprintf (char *dest, int size, const char *fmt, ...);
++void QDECL Com_sprintf (char *dest, int size, const char *fmt, ...) __attribute__((format(printf, 3, 4)));
+
+ char *Com_SkipTokens( char *s, int numTokens, char *sep );
+ char *Com_SkipCharset( char *s, char *sep );
+@@ -743,7 +743,7 @@ float LittleFloat (const float *l);
+
+ void Swap_Init (void);
+ */
+-char * QDECL va(char *format, ...);
++char * QDECL va(char *format, ...) __attribute__((format(printf, 1, 2)));
+
+ #define TRUNCATE_LENGTH 64
+ void Com_TruncateLongString( char *buffer, const char *s );
+@@ -762,8 +762,8 @@ qboolean Info_Validate( const char *s );
+ void Info_NextPair( const char **s, char *key, char *value );
+
+ // this is only here so the functions in q_shared.c and bg_*.c can link
+-void QDECL Com_Error( int level, const char *error, ... );
+-void QDECL Com_Printf( const char *msg, ... );
++void QDECL Com_Error( int level, const char *error, ... ) __attribute__((format(printf, 2, 3)));
++void QDECL Com_Printf( const char *msg, ... ) __attribute__((format(printf, 1, 2)));
+
+
+ /*
+diff --git a/src/qcommon/qcommon.h b/src/qcommon/qcommon.h
+index 7b2fb8a..5db3699 100644
+--- a/src/qcommon/qcommon.h
++++ b/src/qcommon/qcommon.h
+@@ -162,7 +162,7 @@ void NET_Restart( void );
+ void NET_Config( qboolean enableNetworking );
+
+ void NET_SendPacket (netsrc_t sock, int length, const void *data, netadr_t to);
+-void QDECL NET_OutOfBandPrint( netsrc_t net_socket, netadr_t adr, const char *format, ...);
++void QDECL NET_OutOfBandPrint( netsrc_t net_socket, netadr_t adr, const char *format, ...) __attribute__((format(printf, 3, 4)));
+ void QDECL NET_OutOfBandData( netsrc_t sock, netadr_t adr, byte *format, int len );
+
+ qboolean NET_CompareAdr (netadr_t a, netadr_t b);
+@@ -719,9 +719,9 @@ void Info_Print( const char *s );
+
+ void Com_BeginRedirect (char *buffer, int buffersize, void (*flush)(char *));
+ void Com_EndRedirect( void );
+-void QDECL Com_Printf( const char *fmt, ... );
+-void QDECL Com_DPrintf( const char *fmt, ... );
+-void QDECL Com_Error( int code, const char *fmt, ... );
++void QDECL Com_Printf( const char *fmt, ... ) __attribute__((format(printf, 1, 2)));
++void QDECL Com_DPrintf( const char *fmt, ... ) __attribute__((format(printf, 1, 2)));
++void QDECL Com_Error( int code, const char *fmt, ... ) __attribute__((format(printf, 2, 3)));
+ void Com_Quit_f( void );
+ int Com_EventLoop( void );
+ int Com_Milliseconds( void ); // will be journaled properly
+@@ -978,7 +978,7 @@ void *Sys_GetBotLibAPI( void *parms );
+
+ char *Sys_GetCurrentUser( void );
+
+-void QDECL Sys_Error( const char *error, ...);
++void QDECL Sys_Error( const char *error, ...) __attribute__((format(printf, 1, 2)));
+ void Sys_Quit (void);
+ char *Sys_GetClipboardData( void ); // note that this isn't journaled...
+
+diff --git a/src/renderer/tr_public.h b/src/renderer/tr_public.h
+index e4e4d04..8f3bb78 100644
+--- a/src/renderer/tr_public.h
++++ b/src/renderer/tr_public.h
+@@ -107,10 +107,10 @@ typedef struct {
+ //
+ typedef struct {
+ // print message on the local console
+- void (QDECL *Printf)( int printLevel, const char *fmt, ...);
++ void (QDECL *Printf)( int printLevel, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
+
+ // abort the game
+- void (QDECL *Error)( int errorLevel, const char *fmt, ...);
++ void (QDECL *Error)( int errorLevel, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
+
+ // milliseconds should only be used for profiling, never
+ // for anything game related. Get time from the refdef
+diff --git a/src/server/server.h b/src/server/server.h
+index 8eb4355..d1e764e 100644
+--- a/src/server/server.h
++++ b/src/server/server.h
+@@ -251,7 +251,7 @@ extern cvar_t *sv_lanForceRate;
+ // sv_main.c
+ //
+ void SV_FinalMessage (char *message);
+-void QDECL SV_SendServerCommand( client_t *cl, const char *fmt, ...);
++void QDECL SV_SendServerCommand( client_t *cl, const char *fmt, ...) __attribute__((format(printf, 2, 3)));
+
+
+ void SV_AddOperatorCommands (void);
+diff --git a/src/ui/ui_shared.h b/src/ui/ui_shared.h
+index 09de834..737900d 100644
+--- a/src/ui/ui_shared.h
++++ b/src/ui/ui_shared.h
+@@ -352,8 +352,8 @@ typedef struct {
+ void (*getBindingBuf)( int keynum, char *buf, int buflen );
+ void (*setBinding)( int keynum, const char *binding );
+ void (*executeText)(int exec_when, const char *text );
+- void (*Error)(int level, const char *error, ...);
+- void (*Print)(const char *msg, ...);
++ void (*Error)(int level, const char *error, ...) __attribute__((format(printf, 2, 3)));
++ void (*Print)(const char *msg, ...) __attribute__((format(printf, 1, 2)));
+ void (*Pause)(qboolean b);
+ int (*ownerDrawWidth)(int ownerDraw, float scale);
+ sfxHandle_t (*registerSound)(const char *name, qboolean compressed);
diff --git a/debian/patches/series b/debian/patches/series
index 4548181..f704e87 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,3 +14,6 @@
0014-CVE-2006-3325-fix-arbitrary-cvar-overwriting.patch
0015-CVE-2011-3012-CVE-2011-2764-backport-from-ioquake3-t.patch
0016-Always-behave-as-if-cl_allowDownload-was-false.patch
+0017-Sys_Error-do-not-overflow-if-an-error-message-exceed.patch
+0018-Avoid-non-literal-format-strings.patch
+0019-Annotate-printf-and-scanf-like-functions-with-gcc-at.patch
--
team based FPS game - packaging
More information about the Pkg-games-commits
mailing list